Guide pour désactiver les services sur 11 IoT Entreprise et 10 IoT Entreprise et LTSC
Posté : dim. 30 juin 2024 18:30
tiré d'ici...mais il faut aller voir le site pour voir correctement le tableau..
https://learn.microsoft.com/en-us/windo ... e/services
Guidance on disabling system services on Windows IoT Enterprise
Article
01/12/2024
In this article
Guidance descriptions
Per User Services
System Services
More Resources
Applies to:
Applies to:
Windows 11 IoT Enterprise
Windows 10 IoT Enterprise
Windows 10 IoT Enterprise LTSC 2021
The Windows IoT Enterprise operating system includes many system services run in the background without a user interface to provide core operating system features. Each service is configured to start under certain circumstances, which were carefully chosen for each service to provide a balance of performance, functionality and security for the typical Windows user. These start types include the following.
Automatically start when Windows starts
Automatically start when a user logs in
Manually start when the functionality that it provides is needed
Disabled by default
When building a fixed-function, specialized device based on Windows IoT Enterprise a device maker might need to reconfigure these startup values to increase the security posture or reduce resource overhead by disabling services that aren't needed for a specific device scenario. This article includes detailed guidance regarding which services can safely be disabled as well as links to more resources that provide step by step configuration instructions for multiple methods.
Guidance descriptions
For all system services listed in this document, Microsoft provides guidance for enabling and disabling system services in Windows IoT Enterprise.
No guidance: The effect of disabling these services isn't fully evaluated. Therefore, the default configuration of these services shouldn't be changed.
Don't disable: Disabling this service impacts essential functionality by preventing specific roles and features from functioning correctly. Therefore it shouldn't be disabled.
OK to disable: This service provides functionality that is useful to some but not all enterprises, and security-focused enterprises that don't use it can safely disable it.
Already disabled: This service is disabled by default; no need to enforce with policy.
Should be disabled: This service should never be enabled on a well-managed enterprise system.
Per User Services
When a user signs in to Windows, the OS creates per-user services. When the user signs out, these services are stopped and deleted. They run in the security context of the user account instead of a built-in security principal. Windows creates these per-user services based on templates defined in the registry. If you need to manage or control behaviors of these services, you can adjust the template. For more information about inspecting and configuring Per-user Services, see Per User Services in Windows
The following table lists per-user services in the current version of Windows. Other versions of Windows 10/11 might not have the same services available. Before you reconfigure any of these services, review this information to understand the implications. For example, if you disable the per-user service, there might be dependent apps that don't work correctly.
https://learn.microsoft.com/en-us/windo ... e/services
Guidance on disabling system services on Windows IoT Enterprise
Article
01/12/2024
In this article
Guidance descriptions
Per User Services
System Services
More Resources
Applies to:
Applies to:
Windows 11 IoT Enterprise Windows 10 IoT Enterprise Windows 10 IoT Enterprise LTSC 2021The Windows IoT Enterprise operating system includes many system services run in the background without a user interface to provide core operating system features. Each service is configured to start under certain circumstances, which were carefully chosen for each service to provide a balance of performance, functionality and security for the typical Windows user. These start types include the following.
Automatically start when Windows starts
Automatically start when a user logs in
Manually start when the functionality that it provides is needed
Disabled by default
When building a fixed-function, specialized device based on Windows IoT Enterprise a device maker might need to reconfigure these startup values to increase the security posture or reduce resource overhead by disabling services that aren't needed for a specific device scenario. This article includes detailed guidance regarding which services can safely be disabled as well as links to more resources that provide step by step configuration instructions for multiple methods.
Guidance descriptions
For all system services listed in this document, Microsoft provides guidance for enabling and disabling system services in Windows IoT Enterprise.
No guidance: The effect of disabling these services isn't fully evaluated. Therefore, the default configuration of these services shouldn't be changed.
Don't disable: Disabling this service impacts essential functionality by preventing specific roles and features from functioning correctly. Therefore it shouldn't be disabled.
OK to disable: This service provides functionality that is useful to some but not all enterprises, and security-focused enterprises that don't use it can safely disable it. Already disabled: This service is disabled by default; no need to enforce with policy.
Should be disabled: This service should never be enabled on a well-managed enterprise system.Per User Services
When a user signs in to Windows, the OS creates per-user services. When the user signs out, these services are stopped and deleted. They run in the security context of the user account instead of a built-in security principal. Windows creates these per-user services based on templates defined in the registry. If you need to manage or control behaviors of these services, you can adjust the template. For more information about inspecting and configuring Per-user Services, see Per User Services in Windows
The following table lists per-user services in the current version of Windows. Other versions of Windows 10/11 might not have the same services available. Before you reconfigure any of these services, review this information to understand the implications. For example, if you disable the per-user service, there might be dependent apps that don't work correctly.